Home All Groups Group Topic Archive Search About

IIS Security

microsoft.public.inetserver.iis.security
Score secure site - multiple users w/ 1 user account?
b_russ - 4 Jun 2005 7:56 PM - 4 messages
Background: I have an https secure site on IIS. It uses digest authentication and a unique username/PW is assigned for each user. New Project: I'm going to create a new page with less secure content such as procedures, instruction, etc. I'll create a new folder and ...
Score Making unique URL - internal and external
Magoo - 4 Jun 2005 6:52 AM - 3 messages
In a previous post, Karl kindly suggested that I could change the internal name servers to serve up a different IP address to accomodate requests from users that need to hit [link] (from the Internet) and ...
Score windows integrated authentication
tom - 3 Jun 2005 8:37 PM - 3 messages
I have an IIS site configured to use Windows Integrated Authentication. It works fine for some users but not for other users. Not sure how to troubleshoot. Has anyone seen this before. ...
Score Application Identity
joe - 3 Jun 2005 2:25 PM - 3 messages
has anybody compiled a complete list of all the registry/file permissions and user rights necessary when using an account other than network service or system for the application pool identity in IIS 6? It would be great if IIS set these for you (wizard or script) when you use a non-system account . ...
Score Secure website (cookie/session)
IkBenHet - 3 Jun 2005 9:17 AM - 4 messages
Hello, First of all, I am aware that there is already alot of information about this subject on this an other resources. Probably the question I am going to ask is already asked. But in the information I can find, I ...
Score Your opinion on SSL and common URL to access site from internal and external
Magoo - 3 Jun 2005 2:42 AM - 3 messages
I have a Sharepoint site published on ISA 2004. Requirement is let users that access this from the Internet and intranet use just one URL. Currently, on the Internet users are able to connect to my company site using: [link] ...
Score IP address and domain name restrictions not available?.
PeterX - 2 Jun 2005 11:14 PM - 3 messages
For some reason the feature "IP address and domain name restrictions" is ghosted in my IIS settings. Any idea why it can be? Anything else has to be activated first? I wanted to allow access only localhost and one external IP address, because that's all I need and lately my server ...
Score SSL for FTP
Kevin - 2 Jun 2005 8:47 PM - 4 messages
Is it possible to have Secure FTP? The same way that you can have secure HTTP(https://)? Thanks ...
Score add IP to ACL for IIS
John Grandy - 2 Jun 2005 4:56 PM - 2 messages
Regarding website setup on a Active Directory Domain with a single DC and all Windows 2003 Enterprise Edition machines: I have an IIS web server on one of machines.  I need to add an specific IP to the ACL so that requests from this IP can request pages from this ...
Score Permission denied when writing to eventlog from global.asa
Jonas Back - 2 Jun 2005 1:55 PM - 13 messages
I'm trying to log to the eventlog when a session dies on the IIS. First I had problems writing to the event log from the application but after adding (A;;0x2;;;S-1-5-21-1235689106-1732415182-1711286387-513) (where the ...
Score 401 errors filling logfile
topokin - 2 Jun 2005 1:15 PM - 8 messages
we have static intranet site which seems to be working fine without any displayed errors on IE, however, I just realized that "http-error 401" is filling the log with every users' access to the site. I have cross-checked users permission both on IIS and folders. The site is ...
Score Response splitting
Rob Smeets - 2 Jun 2005 8:51 AM - 2 messages
Hi, After a security audit, i was asked to look into the Response Splitting Security Issue of our webservers. I already know that i can solve it by putting a ISA server in front of the webservers. The question is, do we need ...
Score Problem with IUSR account
Markus Weber (Megalith GmbH) - 2 Jun 2005 7:46 AM - 6 messages
Hello, The IUSR_xxx account is locked (as user enters wrong password too often which can't be for this acount) from time to time so our website is no more accessible. After unlocking the account everything works again correctly. But how can I avoid the the account locks and why ...
Score Is the sessionState cookie a security risk.
RobAbbott@ElementK - 1 Jun 2005 2:16 PM - 2 messages
We had an outside security analysis done and they doscoverd the session cookie set by the session state feature.  Business/Marketing does not want us to use the cookieless option where the sessionid is moved into the URL.  ...
Score IP address and domain name restrictions
Henry - 1 Jun 2005 9:32 AM - 2 messages
How to enable this feature under Directory Security. I want to deny a specific IP access but the button is grayed out. Any clue? ...
Score Users get directory of virtual web site
Matthew Brewer - 31 May 2005 10:56 PM - 2 messages
On the recommendation of MOM2005 I disabled the IIS parent paths in IIS and now everytime I go to our OWA page I get the directory listing of everyone's mailbox. I went in and reenabled parent paths but the damage is already done. ...
Score How to control bandwidth per web site on IIS
e9310007 - 31 May 2005 8:06 PM - 2 messages
Hello All, We have multiple web hosting customers on IIS 6, Windows Server 2003 Enterprise edition.We would like to control bandwidth per web site on a monthly basis.For instance "www.x.com" should be allowed only 20 MB ...
Score certificate services fails to start
jeff - 31 May 2005 12:55 PM - 5 messages
I am getting the following error in the event logs when my server reboots nightly. Event Type:    Error Event Source:    Service Control Manager Event Category:    None Event ID:    7024 ...
Score Using integrated authentication
Andreas Schallwig - 31 May 2005 5:51 AM - 2 messages
Hi everybody, I have the following scenario. - One W2K Domaincontroller hosting an AD Service (Domain "foo") - One W2K Webserver with IIS 5 The webserver is not a member of the Domain "foo". Am I still able to use Integrated Authentication? If yes, how do I tell the IIS which domain to ...
Score Transfering a Secure Server Certificate
Kevin - 31 May 2005 12:28 AM - 2 messages
I have a secure server certificate that I use on one computer with IIS on XP pro. I recently got a new computer and was wondering if there was a way to transfer the certificate from the old computer to the new ...
Score Username/Password input dialog
Markus Weber (Megalith GmbH) - 30 May 2005 1:58 PM - 5 messages
Hello! I moved a website to one server to another (Win NT 4 to Win 2000) but on the Win2000 server a Username/Password input dialog appears when tring to access th website (main default.asp). On all files "Everyone" ...
Score IIS 6 Impersonate failed for ASP
Gavin Chan - 30 May 2005 10:51 AM - 3 messages
We have a Windows 2000 SP4 machine recently upgrade to Windows 2003 and then SP1. After that, we rename the machine and we got impersonate problem. We are running IIS 5 Isolation Mode on the Web Server. For all virtual directories, ...
Next » 2 3 4 5 6 7 8 9 10